Re: MUSCLE Disk encryption and more

2001-06-25 Thread Christoph Plattner

OK, it's off-topic here, but I don't think it is a good idea
to use such a policy. Why protect such a thing?

A good policy is to set up a box and to have a model earning
money on services, not on the boxes or the system (Linux).

The user can do whatever he/she wants to do; if the user
disconfigured the system, it is his personal problem. Or it is
a good idea to do a protection (check) over the configuration.

But the user has to pay for services, C offers ...

With friendly regards
Christoph P.



Patrick Valsecchi wrote:
 
 Hi
 
 My company is working for another company (let's call it C) that is going to
 provide Linux boxes to its customers. As C is going to give them free or for a
 small fee, C doesn't want the customers to use the boxes for another purpose
 than the one specified by C.
 
 C doesn't want the user to be able to:
   - run another kernel than the one S provides
   - run executables that have not been signed by authorized developers or that
 have been modified (signed executables)
   - change or alter the dynamic libraries (signed .so files)
   - have access to the binary of some executables (for avoiding reverse
 engineering)
   - save a file and give the disk to a friend (encrypted files, but I need to
 be fast on read and write, here)
 
 All that by using:
   - a SmartCard
   - a modified kernel
   - a specialised hardware for encryption
   - maybe a modified loader (lilo)
 
 And that mustn't be just simple tricks, we must protect those boxes against
 very skilled hackers.
 
 Are there existing projects on those subjects? Has anybody already worked on it?
 
 Thanks for your help.
 
 ---
   -°) Patrick Valsecchi
   /\\
  _\_v
 ***
 Linux Smart Card Developers - M.U.S.C.L.E.
 (Movement for the Use of Smart Cards in a Linux Environment)
 http://www.linuxnet.com/smartcard/index.html
 ***

-- 
---
private:[EMAIL PROTECTED]
company:[EMAIL PROTECTED]



Re: MUSCLE New to list, problems with PIN code ! ...

2001-06-19 Thread Christoph Plattner

I have spoken with Towitoko, and it seems to be a wrong
card in the package. The label on the card package
says CHIPCARD M2 (I2C EEPROM) card, and Towitoko says, that cards
using PINs are CHIPCARD M2P. The M2 type does not use any
PIN.

The information of the 000 as default PIN would be
helpful for me, but no chance any more to try it !!!
000 is this always for new manufactured cards ?
Is it 0x00 0x00 0x00 binary or 000 = 0x30 0x30 0x30 ASCII ?

With friendly regards
Christoph

Carlos Prados wrote:
 
 Hi,
 
  which includes 2 memory cards. Those two cards seem
  to be of a different type:
   - 2Kbit I2C EEPROM Card (256 Byte, R/W)
seems to be a 2-wire card
(icc-type = 2)
 
 If it's I2C, then it isn't 2-wire. If the Towitoko
 driver assigns '2' to the ICC type then it might be a
 2-wire card.
 
   - 16Kbit I2C EEPROM Card (2048 Byte, R/W)
seems to be a IC2 SHORT card
(icc-type = 0)
 
  I don't know why these cards of different sizes are
  also
  of different types... ?
 
 
 Because the protocol used to communicate with the
 card is different.
 
  But now to the problems:
  The ATR of the 16Kb card is always empty (NULL
  pointer,
  as it is no 2-/3-wire card). Is this implementation
  in the CT code correct ?
 
 
 Yes. I2C cards do not return ATR. So the driver
 leaves this data blank. The CT spec does not say
 anything about this being incorrect, so I guess it's
 fine.
 
  And now the main problem:
  -
 
  The 2Kbit card seems to need the PIN code, is this
  correct
 
 Yes, you need to enter a PIN. The cards that come with
 the beginners pack use to have PIN=000.
 
 (I cannot write on it, and I saw in the
  code,
  that on type==2 and 3 cards, the PIN entering is
  always done.
  I have not seen any PIN  (in the package, on the
  card,
  etc) So I don't know any key, and now the card
  always
  blocks PIN entering, as the retry counter is already
  on '0'.
 
 This is because somebody (I don't mean you ;-) entered
 a wrong PIN 3 times, or because the card is bad.
 
  Can I do here anything ?
  I also want to contact TOWITOKO (german company),
  the cards
  and card reader are coming from.
 
 
 If the card is actually blocked, you cannot.
 
  Please help.
  I will further study the code to understand the PIN
  protocol
  and PIN handling. I have not found the spec for the
  security
  (PIN) handling and protocol yet.
 
 
 I don't know of such a specification. You just need to
 use the appropriate CT commands (see MKT specs) to send
 PIN, change PIN, etc.
 

-- 
---
private:[EMAIL PROTECTED]
company:[EMAIL PROTECTED]